Critical VMware Vulnerabilities and Data Security Risks – What You Need to Know
What is VMware?
VMware is a widely utilized platform that creates, manages, and runs virtual machines, like the ones you probably use in your warehouse. VMware runs on a powerful physical server and creates virtual servers using the resources of the physical server.
What are the vulnerabilities?
VMware has designated the vulnerabilities as VMSA-2022-0021. These exploits allow malicious actors with access to a vulnerable VMware server the ability to exploit the platform and be granted direct administrative access or to execute malicious code. One major concern over this type of attack is the ability of the attacker to access additional connected systems, such as the WMS or internal affairs, once they have gained initial access.
How critical is this?
Gail from ML’s support team urges, “Ask yourself, ‘What would happen if a security breach completely shut down our business for a week?’ The answer to that question can easily give you the answer to this one: ‘Should I have my IT organization invest in ensuring my company systems are secure?’”
Many Mountain Leverage customers run their voice applications on VMware servers, and it’s probable that other systems in your organization run on VMware servers, too. If you’re unsure how the vulnerability directly impacts your business, reach out to your IT department.
What should we do now?
VMware has quickly released an update which addresses the vulnerability, and all VMware users are being encouraged to treat the issue as a critical priority and patch their software as soon as possible. While this particular issue seems to be well contained, it is an excellent reminder to patch early and patch often!
As you might remember, this sort of attack is not unprecedented in VMware systems. A similar exploit identified in May of this year also allowed attackers to impersonate a local user. Regarding the most recent vulnerabilities, the good news is that there is not yet evidence that the exploit has been used by malicious actors.
If you have questions or concerns about security issues or possible sticking points with your voice solutions, the Mountain Leverage support team is available 24/7.